ISO/IEC 24745:2022 信息技术 安全技术 生物测定信息保护

标准编号：ISO/IEC 24745:2022

中文名称：信息技术 安全技术 生物测定信息保护

英文名称：Information security, cybersecurity and privacy protection — Biometric information protection

发布日期：2022-02

标准范围

IEC/ISO 24745:2022本文件涵盖了在存储和传输过程中保密性、完整性和可更新性/可撤销性的各种要求下对生物识别信息的保护。它还提供了安全和符合隐私的生物识别信息管理和处理的要求和建议。本文件规定了以下内容:-分析生物识别和生物识别系统应用模型固有的威胁和对策；-用于在生物识别参考(BR)和身份参考(IR)之间安全绑定的安全要求；-用于存储和比较BR的不同场景的生物识别系统应用模型；-关于在处理生物特征信息期间保护个人隐私的指导。本文档不包括与加密技术的物理安全、环境安全和密钥管理相关的一般管理问题。

IEC/ISO 24745:2022 This document covers the protection of biometric information under various requirements for confidentiality, integrity and renewability/revocability during storage and transfer. It also provides requirements and recommendations for the secure and privacy-compliant management and processing of biometric information.
This document specifies the following:
- analysis of the threats to and countermeasures inherent to biometrics and biometric system application models;
- security requirements for securely binding between a biometric reference (BR) and an identity reference (IR);
- biometric system application models with different scenarios for the storage and comparison of BRs;
- guidance on the protection of an individual's privacy during the processing of biometric information.
This document does not include general management issues related to physical security, environmental security and key management for cryptographic techniques.

标准预览图